topic ASA - Read-Only User Not Able to Build Filters in Log Viewer in Network Security https://community.cisco.com/t5/network-security/asa-read-only-user-not-able-to-build-filters-in-log-viewer/m-p/2600950#M920526 <P>Hello all,</P><P>I just set up a read-only profile for my ASAs. However, I'm not able only to use the function "Built Filter" in "Real Time Log Viewer". As you can see the attached image, I can't see the OK button.</P><P>I'm using ISE, thus, the solution is setup using&nbsp;radius.&nbsp;Everything else is working fine.&nbsp;</P><P>&nbsp;</P><P>Here goes the relevant part of the configuration:</P><P>&nbsp;</P><P><SPAN style="font-size:12px;"><SPAN style="font-family:courier new,courier,monospace;">aaa authentication ssh console ISE LOCAL<BR />aaa authentication enable console ISE&nbsp;<BR />aaa authentication http console ISE LOCAL<BR />aaa authorization command LOCAL&nbsp;</SPAN></SPAN></P><P><SPAN style="font-size:12px;">!</SPAN></P><P><SPAN style="font-size:12px;"><SPAN style="font-family: 'courier new', courier, monospace;">privilege cmd level 3 mode exec command perfmon</SPAN></SPAN></P><P><SPAN style="font-size:12px;"><SPAN style="font-family:courier new,courier,monospace;">privilege cmd level 5 mode exec command dir<BR />privilege cmd level 3 mode exec command ping<BR />privilege cmd level 3 mode exec command who<BR />privilege cmd level 3 mode exec command logging<BR />privilege cmd level 3 mode exec command failover<BR />privilege cmd level 3 mode exec command vpn-sessiondb<BR />privilege cmd level 2 mode exec command terminal<BR />privilege cmd level 3 mode exec command packet-tracer<BR />privilege cmd level 5 mode exec command export<BR />privilege show level 5 mode exec command import<BR />privilege show level 5 mode exec command running-config<BR />privilege show level 2 mode exec command version<BR />privilege show level 3 mode exec command reload<BR />privilege show level 3 mode exec command mode<BR />privilege show level 3 mode exec command firewall<BR />privilege show level 2 mode exec command conn<BR />privilege show level 3 mode exec command asp<BR />privilege show level 3 mode exec command cpu<BR />privilege show level 3 mode exec command interface<BR />privilege show level 3 mode exec command clock<BR />privilege show level 3 mode exec command dns-hosts<BR />privilege show level 3 mode exec command access-list<BR />privilege show level 3 mode exec command logging<BR />privilege show level 3 mode exec command vlan<BR />privilege show level 3 mode exec command ip<BR />privilege show level 3 mode exec command failover<BR />privilege show level 3 mode exec command asdm<BR />privilege show level 3 mode exec command arp<BR />privilege show level 3 mode exec command ipv6<BR />privilege show level 3 mode exec command route<BR />privilege show level 3 mode exec command ospf<BR />privilege show level 3 mode exec command aaa-server<BR />privilege show level 3 mode exec command aaa<BR />privilege show level 3 mode exec command eigrp<BR />privilege show level 3 mode exec command crypto<BR />privilege show level 3 mode exec command ssh<BR />privilege show level 3 mode exec command vpn-sessiondb<BR />privilege show level 3 mode exec command vpn<BR />privilege show level 3 mode exec command dhcpd<BR />privilege show level 2 mode exec command threat-detection<BR />privilege show level 2 mode exec command terminal<BR />privilege show level 3 mode exec command blocks<BR />privilege show level 3 mode exec command wccp<BR />privilege show level 3 mode exec command dynamic-filter<BR />privilege show level 3 mode exec command webvpn<BR />privilege show level 3 mode exec command service-policy<BR />privilege show level 3 mode exec command module<BR />privilege show level 3 mode exec command uauth<BR />privilege show level 3 mode exec command compression<BR />privilege show level 3 mode configure command interface<BR />privilege show level 3 mode configure command clock<BR />privilege show level 3 mode configure command access-list<BR />privilege show level 3 mode configure command logging<BR />privilege show level 3 mode configure command ip<BR />privilege show level 3 mode configure command failover<BR />privilege show level 5 mode configure command asdm<BR />privilege show level 3 mode configure command arp<BR />privilege show level 3 mode configure command route<BR />privilege show level 3 mode configure command aaa-server<BR />privilege show level 3 mode configure command aaa<BR />privilege show level 3 mode configure command crypto<BR />privilege show level 3 mode configure command ssh<BR />privilege show level 3 mode configure command dhcpd<BR />privilege show level 5 mode configure command privilege<BR />privilege clear level 3 mode exec command dns-hosts<BR />privilege clear level 3 mode exec command logging<BR />privilege clear level 3 mode exec command arp<BR />privilege clear level 3 mode exec command aaa-server<BR />privilege clear level 3 mode exec command crypto<BR />privilege clear level 2 mode exec command terminal<BR />privilege clear level 3 mode exec command dynamic-filter<BR />privilege cmd level 3 mode configure command failover<BR />privilege clear level 3 mode configure command logging<BR />privilege clear level 3 mode configure command arp<BR />privilege clear level 3 mode configure command crypto<BR />privilege clear level 3 mode configure command aaa-server</SPAN></SPAN></P><P>&nbsp;</P><P>Can you please advise what might be wrong?</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 21 Feb 2020 13:21:27 GMT vialves 2020-02-21T13:21:27Z ASA - Read-Only User Not Able to Build Filters in Log Viewer https://community.cisco.com/t5/network-security/asa-read-only-user-not-able-to-build-filters-in-log-viewer/m-p/2600950#M920526 <P>Hello all,</P><P>I just set up a read-only profile for my ASAs. However, I'm not able only to use the function "Built Filter" in "Real Time Log Viewer". As you can see the attached image, I can't see the OK button.</P><P>I'm using ISE, thus, the solution is setup using&nbsp;radius.&nbsp;Everything else is working fine.&nbsp;</P><P>&nbsp;</P><P>Here goes the relevant part of the configuration:</P><P>&nbsp;</P><P><SPAN style="font-size:12px;"><SPAN style="font-family:courier new,courier,monospace;">aaa authentication ssh console ISE LOCAL<BR />aaa authentication enable console ISE&nbsp;<BR />aaa authentication http console ISE LOCAL<BR />aaa authorization command LOCAL&nbsp;</SPAN></SPAN></P><P><SPAN style="font-size:12px;">!</SPAN></P><P><SPAN style="font-size:12px;"><SPAN style="font-family: 'courier new', courier, monospace;">privilege cmd level 3 mode exec command perfmon</SPAN></SPAN></P><P><SPAN style="font-size:12px;"><SPAN style="font-family:courier new,courier,monospace;">privilege cmd level 5 mode exec command dir<BR />privilege cmd level 3 mode exec command ping<BR />privilege cmd level 3 mode exec command who<BR />privilege cmd level 3 mode exec command logging<BR />privilege cmd level 3 mode exec command failover<BR />privilege cmd level 3 mode exec command vpn-sessiondb<BR />privilege cmd level 2 mode exec command terminal<BR />privilege cmd level 3 mode exec command packet-tracer<BR />privilege cmd level 5 mode exec command export<BR />privilege show level 5 mode exec command import<BR />privilege show level 5 mode exec command running-config<BR />privilege show level 2 mode exec command version<BR />privilege show level 3 mode exec command reload<BR />privilege show level 3 mode exec command mode<BR />privilege show level 3 mode exec command firewall<BR />privilege show level 2 mode exec command conn<BR />privilege show level 3 mode exec command asp<BR />privilege show level 3 mode exec command cpu<BR />privilege show level 3 mode exec command interface<BR />privilege show level 3 mode exec command clock<BR />privilege show level 3 mode exec command dns-hosts<BR />privilege show level 3 mode exec command access-list<BR />privilege show level 3 mode exec command logging<BR />privilege show level 3 mode exec command vlan<BR />privilege show level 3 mode exec command ip<BR />privilege show level 3 mode exec command failover<BR />privilege show level 3 mode exec command asdm<BR />privilege show level 3 mode exec command arp<BR />privilege show level 3 mode exec command ipv6<BR />privilege show level 3 mode exec command route<BR />privilege show level 3 mode exec command ospf<BR />privilege show level 3 mode exec command aaa-server<BR />privilege show level 3 mode exec command aaa<BR />privilege show level 3 mode exec command eigrp<BR />privilege show level 3 mode exec command crypto<BR />privilege show level 3 mode exec command ssh<BR />privilege show level 3 mode exec command vpn-sessiondb<BR />privilege show level 3 mode exec command vpn<BR />privilege show level 3 mode exec command dhcpd<BR />privilege show level 2 mode exec command threat-detection<BR />privilege show level 2 mode exec command terminal<BR />privilege show level 3 mode exec command blocks<BR />privilege show level 3 mode exec command wccp<BR />privilege show level 3 mode exec command dynamic-filter<BR />privilege show level 3 mode exec command webvpn<BR />privilege show level 3 mode exec command service-policy<BR />privilege show level 3 mode exec command module<BR />privilege show level 3 mode exec command uauth<BR />privilege show level 3 mode exec command compression<BR />privilege show level 3 mode configure command interface<BR />privilege show level 3 mode configure command clock<BR />privilege show level 3 mode configure command access-list<BR />privilege show level 3 mode configure command logging<BR />privilege show level 3 mode configure command ip<BR />privilege show level 3 mode configure command failover<BR />privilege show level 5 mode configure command asdm<BR />privilege show level 3 mode configure command arp<BR />privilege show level 3 mode configure command route<BR />privilege show level 3 mode configure command aaa-server<BR />privilege show level 3 mode configure command aaa<BR />privilege show level 3 mode configure command crypto<BR />privilege show level 3 mode configure command ssh<BR />privilege show level 3 mode configure command dhcpd<BR />privilege show level 5 mode configure command privilege<BR />privilege clear level 3 mode exec command dns-hosts<BR />privilege clear level 3 mode exec command logging<BR />privilege clear level 3 mode exec command arp<BR />privilege clear level 3 mode exec command aaa-server<BR />privilege clear level 3 mode exec command crypto<BR />privilege clear level 2 mode exec command terminal<BR />privilege clear level 3 mode exec command dynamic-filter<BR />privilege cmd level 3 mode configure command failover<BR />privilege clear level 3 mode configure command logging<BR />privilege clear level 3 mode configure command arp<BR />privilege clear level 3 mode configure command crypto<BR />privilege clear level 3 mode configure command aaa-server</SPAN></SPAN></P><P>&nbsp;</P><P>Can you please advise what might be wrong?</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 21 Feb 2020 13:21:27 GMT https://community.cisco.com/t5/network-security/asa-read-only-user-not-able-to-build-filters-in-log-viewer/m-p/2600950#M920526 vialves 2020-02-21T13:21:27Z